Mars's 5εcur1ty Notes

An irregularly updated technical blog centred on information security: CTF, vulnerability verification, bug bounty report analysis and more.

Reading notes for 'Practical Malware Analysis', Chapter 0

* Chapter 0

The goal of malware analysis: to provide the information needed to respond to a network intrusion, in particular what exactly happened and which machines and files are affected.

Malware analysis can be used to develop host-based and network signatures.

Host-based signatures
Used to detect malicious code on victim computers. Unlike antivirus signatures, these indicators focus on what the malware does to a system (files it creates or modifies, registry keys it changes) rather than on the characteristics of the malware itself, which makes them useful against malware that changes form or has already been deleted from disk.

Network signatures
Used to detect malicious code by monitoring network traffic. Such signatures can be written without analysing the malware, but signatures created with the help of malware analysis are usually far more effective, giving a higher detection rate and fewer false positives.
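To make the difference between the two kinds of signature concrete, here is an added example (my own code, not from the book or this blog). It uses a constructed host snapshot and a few constructed HTTP request lines; the malware, its dropped file `winupd.exe`, its Run key and its beacon path `/cgi-bin/chk.php` are all hypothetical. Host-based indicators are checked as facts about the system (a file path, a persistence key, and optionally a hash), while the two network signatures show a generic rule that fires on every browser-like request beside a rule derived from what analysis of the sample would have revealed.

```python
import hashlib
import re

# Constructed sample data (not from the book or any real sample): a snapshot of
# an infected host, a clean host, and three captured HTTP request lines.
INFECTED_HOST = {
    "files": {
        r"C:\Windows\System32\svchost.exe": b"constructed legitimate binary",
        r"C:\Users\Public\winupd.exe": b"constructed malware payload",
    },
    "run_keys": {
        r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winupd":
            r"C:\Users\Public\winupd.exe",
    },
}
CLEAN_HOST = {
    "files": {r"C:\Windows\System32\svchost.exe": b"constructed legitimate binary"},
    "run_keys": {},
}
HTTP_REQUESTS = [
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "GET /news HTTP/1.1\r\nHost: news.example.org\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "GET /cgi-bin/chk.php?id=A1B2 HTTP/1.1\r\nHost: c2.example.net\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n\r\n",
]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Host-based indicators describe what the (hypothetical) malware does to the
# system: the file it drops and the persistence key it creates. The hash is
# optional and only pins one exact build of the dropped file.
HOST_INDICATORS = {
    "dropped_file": r"C:\Users\Public\winupd.exe",
    "dropped_file_sha256": sha256(b"constructed malware payload"),
    "run_key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\winupd",
}


def check_host_indicators(host: dict, indicators: dict) -> list:
    """Return the names of the indicators present in a host snapshot."""
    hits = []
    path = indicators["dropped_file"]
    if path in host["files"]:
        hits.append("dropped_file")
        if sha256(host["files"][path]) == indicators["dropped_file_sha256"]:
            hits.append("dropped_file_sha256")
    if indicators["run_key"] in host["run_keys"]:
        hits.append("run_key")
    return hits


# Network signatures: a request matches when every pattern in the list matches.
# GENERIC_SIG is the kind of rule written without looking at the sample; it
# fires on any browser-like User-Agent. ANALYSIS_SIG encodes what analysis of
# the hypothetical sample would show: a fixed beacon path with a four-hex-digit
# id and a hard-coded, outdated User-Agent string.
GENERIC_SIG = [re.compile(r"User-Agent: Mozilla")]
ANALYSIS_SIG = [
    re.compile(r"^GET /cgi-bin/chk\.php\?id=[0-9A-F]{4} HTTP/1\.1\r\n"),
    re.compile(r"\r\nUser-Agent: Mozilla/4\.0 \(compatible; MSIE 6\.0\)\r\n"),
]


def match_requests(signature: list, requests: list) -> list:
    """Return the indexes of the requests matching every pattern of a signature."""
    return [i for i, req in enumerate(requests)
            if all(p.search(req) for p in signature)]


if __name__ == "__main__":
    print("host hits:", check_host_indicators(INFECTED_HOST, HOST_INDICATORS))
    print("generic signature fires on:", match_requests(GENERIC_SIG, HTTP_REQUESTS))
    print("analysis signature fires on:", match_requests(ANALYSIS_SIG, HTTP_REQUESTS))
```

The generic rule matches all three requests, two of which are ordinary browsing, which is exactly the false-positive problem the chapter describes; the analysis-derived rule matches only the beacon. The host check finds the dropped file and Run key on the infected snapshot and nothing on the clean one.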

Malware Analysis Techniques

  1. Basic Static Analysis
    Examining the executable file without viewing the actual instructions.

  2. Basic Dynamic Analysis
    Running the malware and observing its behavior on the system in order to remove the infection, produce effective signatures, or both.

  3. Advanced Static Analysis
    Advanced static analysis consists of reverse-engineering the malware’s internals by loading the executable into a disassembler and looking at the program instructions in order to discover what the program does.

  4. Advanced Dynamic Analysis
    Advanced dynamic analysis uses a debugger to examine the internal state of a running malicious executable.
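The first technique, basic static analysis, is the one that is easiest to show in code, so here is an added example (my own code, not from the book or this blog). It builds a constructed, non-functional PE32 image in memory so that it runs offline, then does what an analyst does before ever looking at an instruction: computes file hashes, extracts printable strings, reads the PE header (machine, compile timestamp, PE32 vs PE32+, DLL flag) and the section table, and applies two cheap packing heuristics. The section names, strings and the `c2.example.net` URL inside the image are constructed; `build_sample_pe`, `parse_pe`, `packing_hints` and `analyze` are names I chose for this example.

```python
import datetime
import hashlib
import re
import struct

MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}


def build_sample_pe() -> bytes:
    """Assemble a constructed, non-functional PE32 image so the example runs
    offline. It is not a real sample; only the header layout is realistic."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    n_sections, opt_size = 2, 224                   # two sections, PE32 optional header
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * n_sections
    headers_len = (headers_len + 511) // 512 * 512  # pad to a 512-byte file alignment
    coff = struct.pack("<HHIIIHH", 0x014C, n_sections, 0x5C3F1A00, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\x00")  # only the magic is set
    # .text carries strings an analyst would notice; UPX0 has no raw data on disk,
    # which is how a packed executable typically looks before it unpacks itself.
    text_body = (b"\x00" * 16 + b"kernel32.dll\x00CreateFileA\x00"
                 b"http://c2.example.net/check\x00").ljust(512, b"\x00")
    sec_text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, len(text_body),
                           headers_len, 0, 0, 0, 0, 0x60000020)
    sec_upx = struct.pack("<8sIIIIIIHHI", b"UPX0", 0x20000, 0x2000, 0, 0, 0, 0, 0, 0,
                          0xE0000080)
    headers = dos_header + b"PE\x00\x00" + coff + optional + sec_text + sec_upx
    return headers.ljust(headers_len, b"\x00") + text_body


def file_hashes(data: bytes) -> dict:
    """Hashes used to look the sample up and to share it as an identifier."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs, like the `strings` tool: URLs, DLL and API names."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, the optional-header magic and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    machine, n_sections, stamp, _, _, opt_size, flags = struct.unpack_from(
        "<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    sections = []
    for i in range(n_sections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt_off + opt_size + 40 * i)
        sections.append({
            "name": fields[0].rstrip(b"\x00").decode("ascii", "replace"),
            "virtual_size": fields[1], "raw_size": fields[3],
            "raw_ptr": fields[4], "characteristics": fields[9],
        })
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "compile_time": datetime.datetime.fromtimestamp(
            stamp, tz=datetime.timezone.utc).isoformat(),
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown"),
        "is_dll": bool(flags & 0x2000),
        "sections": sections,
    }


def packing_hints(header: dict) -> list:
    """Cheap signs of a packer: packer-style section names and sections that
    occupy memory but have no bytes on disk (the unpacking stub fills them)."""
    hints = []
    for s in header["sections"]:
        if s["name"].upper().startswith("UPX"):
            hints.append("packer section name: " + s["name"])
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            hints.append("section %s has virtual size %#x but no raw data"
                         % (s["name"], s["virtual_size"]))
    return hints


def analyze(data: bytes) -> dict:
    header = parse_pe(data)
    return {"hashes": file_hashes(data), "header": header,
            "packing_hints": packing_hints(header), "strings": extract_strings(data)}


if __name__ == "__main__":
    for key, value in analyze(build_sample_pe()).items():
        print(key, value)
```

Two caveats a practitioner would add: the parser trusts the offsets in the file, so a malformed header can make it read out of bounds, and a packer hint only says that the strings and headers on disk may not be the real ones, which is the usual reason basic static analysis stops short and dynamic analysis starts.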

Types of Malware

  1. Backdoor
  2. Botnet
  3. Downloader
  4. Information-stealing malware: sniffers, password hash grabbers, keyloggers
  5. Launcher
  6. Rootkit
  7. Scareware
  8. Spam-sending malware
  9. Worm or virus

Malware can also be classified by the scale of its targets: mass malware, written to infect as many machines as possible, and targeted malware, tailored to one specific organization.
Targeted malware is usually the bigger threat to a network, because it is not widespread and off-the-shelf security products are unlikely to detect it.

General Rules

  1. Don't get too caught up in the details. Most malware is large and complex; aim for a general overview of what it does and skip the hard sections until they matter.
  2. Try analyzing the malware from a different angle, for example with different tools. If one approach stalls, another one often gets you unstuck.
  3. Malware analysis is a cat-and-mouse game: as new analysis techniques are published, malware authors respond with new ways to thwart them.
Copyright Mars 2019